<?php
include __DIR__ . "/config/cors.php";
include __DIR__ . "/database.php";

$nid = @$_GET['nid'];
$username = @$_GET['username'];
$role = @$_GET['role'];

if (!isset($role) or $role != "admin") {
    echo json_encode([
        "code" => 401,
        "message" => "无权访问！"
    ]);
    exit;
}

if (!isset($nid)) {
    echo json_encode([
        "code" => 201,
        "message" => "必要参数传递有误"
    ]);
    exit;
}

$db = new DB();
$sql = "delete from news where id = '$nid'";
if ($db->execute($sql)) {
    echo json_encode([
        "code" => 200,
        "message" => "删除成功"
    ]);
} else {
    echo json_encode([
        "code" => 205,
        "message" => "删除失败"
    ]);
}